DOS attacks

DOS attacks: you may have heard of them taking down servers, restricting traffic and even bringing down a country’s communications. But how do they work? A simple analogy is a heart. Let’s say the veins are the internet, and the blood being pumped through them is good traffic. What happens if you clog the veins with fat (bad traffic)? The heart fails and can no longer pump blood to the other organs: a Denial of Service.

DOS attacks are one of the simplest ways to bring down a server, by overwhelming its bandwidth or computing resources. A simple DOS attack command would be:

ping {ip} -t -l 50000

which you can enter directly into the Windows command prompt. This command sends 50000 bytes (roughly 50 kilobytes) of data to the IP in a single packet. The -t flag pings the specified host until stopped, and -l sets the send buffer size. DOS attacks are commonly used by script kiddies.

However, DOS attacks may also crash systems by overloading their computing resources, like a heart attack: sooner or later you have to get to a doctor or die (no offense meant). This only works on older systems, because of the tremendous increase in computing power since.

To prevail in a DOS attack, however, the attacker’s bandwidth must be wider than the defender’s in order to overwhelm it with traffic, so that more fat reaches the heart. This applies only to singular (one-on-one) attacks. In a DDOS (Distributed Denial of Service) attack, by contrast, the attacker may use zombie computers to send packets to the victim, intensifying the attack. Imagine a huge clog with more than a few hundred computers contributing to it.

Instead of using zombie computers, attackers may also spoof their IP to that of the victim’s computer. By doing so, the attacker can send IP packets to many computers, which respond by pinging the sender’s IP. Since the sender’s IP has been spoofed, those computers unknowingly flood the victim. This is known as a Reflected attack.

DOS attacks can be so harmful that they cause lasting system damage: the attacker exploits flaws in the system and then ‘updates’ the device, modifying it so that it is permanently unusable.

DOS defense tactics

Firewalls provide protection from some DOS attacks by differentiating good traffic from DOS traffic. However, a more complex attack on port 80 leaves the server fully exposed, because that is the web service port and cannot simply be blocked. Another way is for the ISP (Internet Service Provider) to notice the attack and disconnect the attacker.

Rerouting traffic through routers to auxiliary servers that filter bad traffic from good also helps, as it puts less strain on the main server and spreads the computing load. Another way is to hide the host. The most foolproof way, however, is to unplug the internet cable and wait it out.
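A defender-side check for the two patterns this page describes, the oversized-ping flood and the reflected attack, written as an added example rather than anything from the original post. It assumes ICMP flow records in a simple constructed text format, documentation-range addresses, and an assumed byte-per-second threshold; the filtering servers mentioned above would apply the same logic to live traffic.

```python
from collections import defaultdict
# Constructed records (not from the page): "time src dst icmp_type bytes"; type 8 = echo request,
# 0 = echo reply. 198.51.100.7 mimics the oversized ping above; the 203.0.113.x replies were never requested.
SAMPLE_LOG = """
0.00 192.0.2.10 192.0.2.1 8 64
0.01 198.51.100.7 192.0.2.1 8 50000
0.02 198.51.100.7 192.0.2.1 8 50000
0.03 198.51.100.7 192.0.2.1 8 50000
0.10 192.0.2.1 192.0.2.10 0 64
0.11 203.0.113.5 192.0.2.1 0 1500
0.12 203.0.113.6 192.0.2.1 0 1500
0.13 203.0.113.7 192.0.2.1 0 1500
"""

def parse(log):
    rows = []
    for line in log.strip().splitlines():
        t, src, dst, typ, size = line.split()
        rows.append((float(t), src, dst, int(typ), int(size)))
    return rows

def volumetric_sources(rows, victim, window=1.0, byte_limit=100000):
    """Sources sending more than byte_limit ICMP bytes at victim inside any window (assumed tuning)."""
    per_src = defaultdict(list)
    for t, src, dst, _, size in sorted(rows):
        if dst == victim:
            per_src[src].append((t, size))
    flagged = {}
    for src, pkts in per_src.items():
        start, total = 0, 0
        for t, size in pkts:
            total += size
            while t - pkts[start][0] > window:  # drop packets that fell out of the window
                total -= pkts[start][1]
                start += 1
            if total > byte_limit:
                flagged[src] = total
                break
    return flagged

def unsolicited_replies(rows, victim):
    """Echo replies to victim from hosts it never pinged: the victim-side symptom of a reflected flood."""
    asked, hits = set(), []
    for _, src, dst, typ, _ in sorted(rows):
        if src == victim and typ == 8:
            asked.add(dst)
        elif dst == victim and typ == 0 and src not in asked:
            hits.append(src)
    return hits
```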

DOS attack tools:
FATA-jack
HyperWRT
MDK2

Recent famous DOS attacks include:

The DOS attack on Georgia weeks after the Russian-Georgian war. This caused multiple Georgian servers to be shut down and overloaded communications.

In July 2008, 4chan received a 10 Gbps attack and suffered 2 weeks of downtime.

In September 2008, Digg and Gamesurge came under heavy DOS attacks and went offline for 6 hours.